DbgHook plugin for Olly 2.1 hooks the classic functions used for antidebug tricks
DbgHook is a plugin for Olly 2.1 that hooks the classic functions used for antidebug tricks. The driver is for Windows 7 x64 (tested on build 7600.16385.1), so to run it, it needs to be registered and PatchGuard disabled (you can use tools like DSEO).
The plugin lets you control the following options:
-Flags
-Time (dynamic fake time; it freezes the process's timers when you stop the execution; you can also choose a time multiplication factor for clocks and RDTSC)
-Windows (hides Olly's window from the debugged process)
-NtQuerySystemInformation
-NtSetDebugFilterState
-NtQueryInformationProcess
-NtOpenProcess
-NtClose
-NtUserBlockInput
-OutputDebugString
-NtTerminateProcess
-NtQueryInformationThread
-NtSetInformationThread
-Driver's name
The plugin is by walter1945 from _https://quequero.org
From the attachment (with builds and sources)
Last edited by sh3dow; 01-31-2015 at 21:55.